In this week’s Financial Crime Wave, a look at the pros and cons of outsourcing financial crime compliance, an update in a potential $328 million penalty against retail giant Walmart for U.S. Foreign Corrupt Practices Act violations in Mexico and other countries, a major cyber risk hiding in your Microsoft Word programs, and more.

Compliance

With more AML expectations combined with recent record fines, should banks consider outsourcing compliance?

The rising expectations of global regulators, increasing costs of compliance and record penalties for non-compliance – hundreds of billions of dollars since the financial crisis – has some banks considering a new strategy: outsourcing anti-money laundering compliance. A way to potentially improve the program and lower costs, but still without the true ability to outsource risk or liability. The average bank spends over £40m a year on Know Your Customer (KYC) processes yet, in 2016 alone, bank fines worldwide rose by 68%, to a staggering $42bn.

Resource stretched mid-sized banks, in particular, are having a tough time. As regulators up the ante they are creating an operating environment increasingly conducive to fines. To cope, banks are expanding their compliance resources to mitigate their risk of transgression. Those with resource limitations are, therefore, the most vulnerable. They are right to be worried. Since 2008, banks globally have paid a staggering $321 billion in fines. This time, however, big ticket fines have been replaced by a far higher number of smaller penalties. Put another way, the regulators are now tightening a much finer net than before, (via Bob’s Guide).

No delegation of compliance duties

A spectacularly bad idea: CEO of brokerage in Hong Kong also takes on top compliance duties, (via the FCPA Blog).

Wal-Mart Stores, Inc. stated last week in a filing with the Securities Exchange Commission that it has put aside $283 million for a possible Foreign Corrupt Practices Act (FCPA) settlement with U.S. authorities. The company initially disclosed the FCPA investigation in December 2011, according to the FCPA Blog.

In 2012, the New York Times alleged that in Mexico Walmart paid $24 million in bribes to public officials. The bribes allegedly help Walmart win approvals to open more stores. The FCPA investigation has involved allegations of potential FCPA violations in Mexico, Brazil, China, and India, among others, Walmart said earlier. Walmart, based in Bentonville, Arkansas, has spent more than $700 million investigating potential FCPA offenses and enhancing its anti-bribery compliance program, (via the FCPA Blog).

Federal prosecutors Monday charged the head of a non-governmental organization (NGO) based in Hong Kong and Virginia and the former Foreign Minister of Senegal with participating in a multi-year, multimillion-dollar scheme to bribe high-level officials in Chad and Uganda in exchange for business advantages for a Chinese oil and gas company, violating the U.S. Foreign Corrupt Practices Act (FCPA). Authorities have charged Chi Ping Patrick Ho aka Patrick C.P. Ho, 68, of Hong Kong, China, and Cheikh Gadio, 61, of Senegal, with conspiring to violate the FCPA, violating the FCPA, conspiring to commit international money laundering, and committing international money laundering.

Prosecutors day the defendants engaged in two bribery schemes to pay high-level officials of Chad and Uganda in exchange for business advantages for the Energy Company, a Shanghai-headquartered multibillion-dollar conglomerate that operates internationally in the energy and financial sectors. Defendant Ho was the head of a non-governmental organization based in Hong Kong and Virginia that holds “Special Consultative Status” with the United Nations Economic and Social Council. The Energy NGO is funded by the Energy Company, (via the U.S. DOJ).

Researchers have uncovered a serious issue with another Office component that could allow attackers to remotely install malware on targeted computers. The vulnerability is a memory-corruption issue that resides in all versions of Microsoft Office released in the past 17 years, including Microsoft Office 365, and works against all versions of Windows operating system, including the latest Microsoft Windows 10 Creators Update.

Discovered by the security researchers at Embedi, the vulnerability leads to remote code execution, allowing an unauthenticated, remote attacker to execute malicious code on a targeted system without requiring user interaction after opening a malicious document. The vulnerability, identified as CVE-2017-11882, resides in EQNEDT32.EXE, an MS Office component which is responsible for insertion and editing of equations (OLE objects) in documents. One of the best solutions is immediately updating a new patch from Microsoft addressing this issue, or disabling the piece of code, (via the Hacker News).

NSA shaken to its core

NSA infiltrated, robbed by brazen hacker group as country’s own cyber arsenal is used against itself, other countries, companies, (via Business Insider).

White House strengthening cyber transparency

The White House is slated to increase the transparency around cyber flaws it finds in public and private systems in a bid to prevent global hacker attacks, (via CIO Dive).

Money laundering

In Putin’s Russia, a money launderer’s paradise

Alexei Kulikov was charged with looting a small Moscow bank. But his trial turned into a window into the shadowy – and seemingly uncontrollable – world of money laundering in Putin’s Russia. Kulikov had a stake in Promersbank, which Russian officials way was involved in one of the biggest laundering schemes in the country history, moving some $10 billion out of Russia, some tied to the “mirror trades” scandal, (via Bloomberg).

Enforcement

OCC to pull back on compliance exams, banks cheer

Will be the OCC have a lighter examination, enforcement touch going forward? Some believe the answer is yes, even though many banks are not seeing any changes on the ground just yet, (via Reuters).

The U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) penalized one of California’s largest card clubs for turning a “blind eye” to loan sharking, suspicious high-value chip transfers and “flagrant criminal activity” for years as its anti-money laundering (AML) program generally floundered. The penalty against Artichoke Joe’s Casino (AJC) is chiefly due to the fact that the operation “willfully violated” AML laws for nearly a decade, from October 2009 to November 2017.

AJC, a card club located in San Bruno, California, has been in operation since 1916. In March 2011, state and federal law enforcement authorities raided AJC, leading to the racketeering indictment and conviction of two AJC customers for loan-sharking and other illicit activities, with the knowledge of top club employees. In some cases, employees witnessed load sharks giving chips to customers, but AJC still never filed any suspicious activity reports, (via FinCEN).

The largest bank in the United States is facing new questions about the strength of its global financial crime compliance programs after a Swiss regulator levied a secret penalty around the depth and accuracy of customer due diligence and related risk rankings. Swiss financial markets authority FINMA has found that the Swiss subsidiary of U.S. investment bank JPMorgan broke anti-money laundering rules, a Swiss court document showed. FINMA ruled on June 30 that JPMorgan Switzerland had “seriously infringed” regulatory oversight provisions, according to a ruling issued by the Federal Administrative Court on Nov. 8 and published on Thursday.

The case involved a “violation of obligations of diligence on questions of money-laundering,” the court document said. The court had been examining whether FINMA’s previously undisclosed decision on JPMorgan could be made public, in a case first reported by the Handelszeitung paper. FINMA is not authorized to levy fines, but may confiscate unlawfully realized gains, impose professional limitations on bankers or require an organization to make changes to prevent similar breaches recurring. In severe cases, it may revoke an institution’s banking license, (via Reuters).

The IRS has created two new programs slated to come into force next year in a bid to better coordinate large, complex, cross-border investigations and better go after the enablers of tax evasion and other financial crimes. They are the Nationally Coordinated Investigations Unit, and the International Tax Enforcement Group, with the agency overall giving a stronger focus to crypto currencies as well, (via Ropes & Gray).

Terror finance

Battling terror groups in cyber worlds

As terror groups lose ground in the physical world, they increase efforts to win battles in cyberspace for support, new recruits, (via The National).